Hello,

I tried the exact same setup before (with versions 1.6.7 and 1.6.8) and can confirm this.

In this situation the first configured port is open, but a TLS handshake is not possible.

Being able to listen on several ports for TLS could be very handy to provide a DNS-over-TLS resolver:
- on the standard 853/tcp port
- on the 443/tcp port, to offer an alternative in "hostile" networks where 853/tcp could be filtered.

I think this is also what Andreas is trying to achieve.

Regards,

On 2018-03-13 14:24, A. Schulze via Unbound-users wrote:
> Hello,
>
> is it possible to configure unbound to listen on more than one port for TLS?
>
> I tried:
>
> server:
>     access-control: 0.0.0.0/0 allow
>     interface: 0.0.0.0
>
>     tls-service-pem: "/path/to/fullchain"
>     tls-service-key: "/path/to/privkey"
>
>     interface: 0.0.0.0@853
>     tls-port: 853
>
>     interface: 0.0.0.0@443
>     tls-port: 443
>
>
> but then there is no TLS handshake possible on port 853, only on port 443
> Removing 443, enable 853 again.
>
> Andreas
>

--
Guillaume-Jean Herbiet, PhD
System engineer
Fondation RESTENA / dns.lu
2, avenue de l'Université
L-4365 Esch-sur-Alzette
tél.: (+352) 42 44 09
fax.: (+352) 42 24 73
https://www.restena.lu
https://www.dns.lu
Public key ID: 0x3A4C47C7
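A small configuration check for the misconfiguration discussed in this thread, added here as an example and not part of Unbound or of the original messages. It assumes, as the reported behaviour suggests, that tls-port is a single value of which the last occurrence wins, and that an interface without an @port suffix listens on port 53; the sample configuration is the one quoted above.

```python
import re
from typing import Dict, List

# Constructed sample: the server section from the thread, with tls-port listed twice.
SAMPLE_CONF = """\
server:
    access-control: 0.0.0.0/0 allow
    interface: 0.0.0.0
    tls-service-pem: "/path/to/fullchain"
    tls-service-key: "/path/to/privkey"
    interface: 0.0.0.0@853
    tls-port: 853
    interface: 0.0.0.0@443
    tls-port: 443
"""


def parse_server_options(conf: str) -> Dict[str, List[str]]:
    """Collect every 'key: value' line, keeping repeated keys in file order."""
    opts: Dict[str, List[str]] = {}
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line or line.endswith(":"):       # skip blanks and clause headers like 'server:'
            continue
        key, _, value = line.partition(":")
        opts.setdefault(key.strip(), []).append(value.strip())
    return opts


def check_tls_ports(conf: str, default_port: int = 53) -> List[str]:
    """Report which configured interfaces will actually offer DNS-over-TLS.

    Assumption (matching the behaviour reported in the thread): tls-port holds a
    single value, the last one listed wins, and only interfaces bound to that
    port complete a TLS handshake; every other interface serves plain DNS.
    """
    opts = parse_server_options(conf)
    findings: List[str] = []
    tls_ports = opts.get("tls-port", [])
    if len(tls_ports) > 1:
        findings.append(f"tls-port given {len(tls_ports)} times; "
                        f"only the last ({tls_ports[-1]}) takes effect")
    effective = int(tls_ports[-1]) if tls_ports else None
    for iface in opts.get("interface", []):
        addr, _, port = iface.partition("@")
        port_no = int(port) if port else default_port
        if effective is not None and port_no == effective:
            findings.append(f"{addr}:{port_no} serves DNS-over-TLS")
        else:
            findings.append(f"{addr}:{port_no} serves plain DNS only")
    return findings
```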